Cyber security threats feature
24 February, 2023

How universities and schools can adapt their cyber security strategies to combat the evolving threat landscape

Keep your assets and community protected by adapting cyber security strategies, staying informed and implementing best practices.

Cyber security is increasingly a point of consideration for all organisations, but it is becoming a critical concern for Australian universities and K-12 schools.

Major cyber threats currently faced by universities and schools include phishing attacks, ransomware or malware, Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks, and data breaches. Any of these incidents can severely impact the productivity of an educational institution and can have serious financial and reputational implications.


Phishing is one of the most common social engineering attacks, often executed via email, phone call or text message. These interactions aim to trick an individual into giving up personal or company information or account passwords.

Ransomware or Malware

Ransomware or malware attacks are designed to encrypt data on a device or system so that it is no longer readable, with a demand for payment in order to decrypt it. Perpetrators of ransomware attacks may also threaten to release the data to a public forum or the dark web unless their demands are met.


DDoS attacks overload a target with a flood of internet traffic, disrupting critical online services and systems. While a DoS attack usually originates from a single point, a DDoS attack can come from multiple source IP addresses from around the world, making it much more difficult to manually filter or drop the traffic.

Data breaches

Data breaches can be the result of a lapse in security such as weak passwords, unpatched software or human error. Another source of data breach risk is insider threats, where someone with authorised access to, or understanding of, internal systems can use that information to harm the organisation.

Increasing cyber threat activity

Over the past year, the AARNet Security Operations Centre has seen evidence across the education sector of an increase in both DDoS attacks and targeting by crime groups undertaking ransomware and data theft operations. The Australian Cyber Security Centre’s Annual Cyber Threat Report for 2022 revealed that they received over 76,000 cybercrime reports between July 2021 and June 2022, with 7% of those coming from the education and training industry.

Educational institutions were also the most impacted sector when it comes to ransomware attacks, making up 11% of the 447 incidents reported. Similarly, the Office of the Australian Information Commissioner’s Notifiable Data Breaches Report noted that 11% of the 396 reported incidents between January and June 2022 affected the education sector.

What can you do to protect your institution?

Creating a safe and secure environment for students, faculty and staff to teach, learn and work online is paramount for educational institutions. By adapting cyber security strategies, staying informed and implementing the following best practices, universities and schools can keep their assets and community protected in line with recognised industry frameworks such as the Australian Cyber Security Centre’s Essential 8 Maturity Model or, as outlined below, the American National Institute of Standards and Technology’s NIST Cyber Framework:

Identify (what processes and assets need protection by):

  • Introducing cyber security awareness training and education for faculty, staff, and students to highlight the dangers of cyber threats, how to identify them, and how to avoid or mitigate against them.

Protect (enterprise assets by implementing appropriate safeguards such as):

  • Multi-factor authentication (MFA) to add an additional layer of security for access to accounts and systems.
  • Strong password policies, with users encouraged to use a password manager to generate unique, complex passwords.
  • Regular updates to software and systems to ensure protection against the latest cyber threats.

Detect (cyber security weaknesses or the occurrence of cyber security incidents by):

  • Conducting regular security audits and penetration testing to identify and address vulnerabilities, particularly in relation to third-party service providers and software.
  • Investing in a comprehensive cyber security solution that includes threat intelligence, endpoint protection, and incident response capabilities.

Respond and Recover (to contain the impact of a cyber security incident and restore capabilities by):

  • Establishing incident response and recovery plans that are regularly tested and updated to ensure they remain effective as circumstances and technology change and evolve.

Additional resources

The Australian Cyber Security Centre (ACSC) website is also a useful resource providing a wealth of information about protecting your organisation’s IT systems and information.

More information

Find out more about how AARNet Cyber Security services can help protect your institution.